Legoos Posted December 7, 2020 Share Posted December 7, 2020 Добрый день. Ради интереса просканировал свой роутер из локальной сети с помощью routersploit autopwn и обнаружилась уязвимость [+] 192.168.1.130 Device is vulnerable: Target Port Service Exploit ------ ---- ------- ------- 192.168.1.130 80 http exploits/routers/linksys/eseries_themoon_rce Пошёл дальше rsf (AutoPwn) > use exploits/routers/linksys/eseries_themoon_rce rsf (Linksys E-Series TheMoon RCE) > set target 192.168.1.130 [+] target => 192.168.1.130 rsf (Linksys E-Series TheMoon RCE) > run [*] Running module exploits/routers/linksys/eseries_themoon_rce... [+] Target is vulnerable [*] Invoking command loop... [*] It is blind command injection - response is not available [+] Welcome to cmd. Commands are sent to the target via the execute method. [*] For further exploitation use 'show payloads' and 'set payload <payload>' commands. cmd > show payloads [*] Available payloads: Payload Name Description ------- ---- ----------- mipsle/bind_tcp MIPSLE Bind TCP Creates interactive tcp bind shell for MIPSLE architecture. mipsle/reverse_tcp MIPSLE Reverse TCP Creates interactive tcp reverse shell for MIPSLE architecture. Может ложно сработало на похожую уязвимость у Linksys, я не разбираюсь в этом особо. Просьба проверить, на всякий случай. Quote Link to comment Share on other sites More sharing options...
Le ecureuil Posted December 7, 2020 Share Posted December 7, 2020 Уже неоднократно проверялось - это false-positive. 1 Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.